Authentication method for establishing connection between devices

ABSTRACT

An authentication method for establishing a connection between devices that want to communicate data in a communication environment using communication specification such as Bluetooth is provided. In the authentication method, it is determined whether the authentication procedure for establishing a connection between devices that want to communicate data is performed as a unilateral authentication procedure or as a mutual authentication procedure, according to the condition of one of the two devices that can communicate data and receives an authentication request, and performing the authentication procedure. Therefore, the authentication method more reliably and precisely establishes a connection between devices that want to communicate data in a communication environment operating based on communication specifications such as Bluetooth.

This is a continuation of application Ser. No. 09/721,713 filed Nov. 27,2000. The entire disclosure of the prior application, application Ser.No. 09/721,713, is hereby incorporated by reference.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to an authentication method forestablishing a connection between devices that can communicate data, andmore particularly, to an authentication method for establishing aconnection between devices that want to communicate data in atelecommunications environment using communication specifications suchas Bluetooth. The present application is based on Korean PatentApplication No. 52658/1999, which is incorporated herein by reference.

2. Description of the Related Art

Bluetooth is a local wireless data communication specification whichenables high speed data communications between various electronicdevices, using radio frequency (RF) without physical cables. SinceBluetooth adopts Continuous Variable Slope Delta Modulation (CVSD),Bluetooth can send voice as well as character data without limits inspace.

For data communications between devices operating in atelecommunications environment using such communication specificationsas Bluetooth, a connection must be established between devices beforecommunicating data. The process for establishing a connection can bebroadly divided into synchronizing radio frequency, establishing a link,and establishing a channel. However, since the specification for suchcommunication specifications as Bluetooth has not been perfectlystipulated yet, research for preparing specifications corresponding todiverse parts, including the connection procedure, are proceeding fromvarious angles.

SUMMARY OF THE INVENTION

To solve the above problems, it is an objective of the present inventionto provide an authentication method for establishing a connectionbetween devices that want to communicate data in a telecommunicationsenvironment using communication specifications such as Bluetooth.

To solve the above problems, it is another objective of the presentinvention to provide an authentication method for performing anauthentication procedure to establish a connection between devices thatwant to communicate data, according to the authentication conditions ofthe other device with which the present device wants to communicate, ina telecommunications environment using communication specifications suchas Bluetooth.

To solve the above problems, it is an objective of the present inventionto provide an authentication method for establishing a connectionbetween devices that can wirelessly communicate data, the method havingthe steps of (a) sending a first authentication-request message to theother device in order to perform an authentication procedure with theother device to which a connection is wanted; (b) sending apredetermined message according to the current operation mode to theother device and storing the predetermined message when theauthentication-response message to the first authentication-requestmessage is received; (c) after performing the step (b), checking whetheror not the received first message is a response message corresponding tothe predetermined message when a first message from the other device isreceived; (d) sending a response message corresponding to a secondauthentication-request message to the other device when the result ofchecking in the step (c) indicates that the first message is not theresponse message, but the second authentication-request message; (e)after performing the step (d), checking whether or not a second messageis a response message corresponding to the predetermined message whenthe second message from the other device is received; and (f) finishingthe authentication procedure when the result of checking in the step (e)indicates that the second message is a response message corresponding tothe predetermined message.

To solve another problem, it is an objective of the present invention toprovide an authentication method for establishing a connection betweendevices that can wirelessly communicate data, the method having thesteps of: (a) sending a response message corresponding to a firstauthentication-request message when the first authentication-requestmessage from another device that wants to establish a connection isreceived; (b) after performing the step (a), checking the authenticationcondition of the present device when a predetermined message from theother device is received; (c) storing the predetermined message andsending a second authentication-request message to the other device whenthe result of checking indicates that a mutual authentication isrequired; and (d) after performing the step (c), sending a responsemessage corresponding to the message stored in the step (c), to theother device when a response message from the other device correspondingto the second authentication-request message is received, and finishingthe authentication procedure.

BRIEF DESCRIPTION OF THE DRAWINGS

The above objectives and advantages of the present invention will becomemore apparent by describing in detail a preferred embodiment withreference to the attached drawings in which:

FIG. 1 is a functional block diagram of devices for performing a methodaccording to the present invention;

FIG. 2 is a flowchart showing the operation in an authentication-requestsource in performing an authentication method according to the presentinvention;

FIG. 3 is a flowcharts showing the operation in anauthentication-request destination in performing an authenticationmethod according to the present invention;

FIGS. 4A and 4B illustrate an authentication procedure in a pairingprocess; and

FIGS. 5A and 5B illustrate an authentication procedure after a link keyis generated.

DETAILED DESCRIPTION OF THE INVENTION

Hereinafter, embodiments of the present invention will be described indetail with reference to the attached drawings. The present invention isnot restricted to the following embodiments, and many variations arepossible within the spirit and scope of the present invention. Theembodiments of the present invention are provided in order to morecompletely explain the present invention to anyone skilled in the art.

FIG. 1 is a functional block diagram of systems for performing a methodaccording to the present invention. Referring to FIG. 1, the systemincludes an authentication-request source 100 and anauthentication-request destination 110. The authentication-requestsource 100 and the authentication-request destination 110 are installedin their respective devices that can communicate data usingcommunication specifications such as Bluetooth. For example, theauthentication-request source 100 is installed in a source device, whilethe authentication-request destination is installed in a destinationdevice. The authentication-request source 100 and theauthentication-request destination 110 both have a host controllerinterface 102 and 112, a link manager 106 and 116, and an end portion108 and 118, respectively. Each of the link managers 106 and 116includes a memory 105 and 115.

The host controller interfaces 102 and 112 communicate data andinterface, corresponding to layer 2, with their respective hosts (not indrawings). The authentication-request source 100 and theauthentication-request destination 110 of FIG. 1 are separated from eachhost (not in drawings). In a broad sense, the host (not in drawings) isa device operating according to communication specifications such asBluetooth, while in a narrow sense, the host is a module installed in asystem having multiple functions, and controlled by the centralprocessing unit (not in drawings) of the system so that the moduleoperates in a mode complying with communication specifications such asBluetooth. This host (not in drawings) is implemented to perform LogicalLink Control and Adaptation Protocol (L2 CAP), which performs a functioncorresponding to layer 2 in order to establish a channel to each of thehost controller interfaces 102 and 112, and the application functions.

The link managers 106 and 116 are implemented to establish and release aconnection to a device that wants to communicate data according tocommunication specifications such as Bluetooth, and to perform afunction for handling a link established between link managers 106 and116 of corresponding devices when a connection is established.Particularly, the memories 105 and 115 store Link Management Protocol(LMP) messages, which are required for establishing a connection betweencorresponding devices.

The end portions 108 and 118 perform high frequency processing andbaseband control. The high frequency processing is for enabling highfrequency communications between devices that want to communicate datain a communication environment complying with Bluetooth, and includessynchronization of high frequency signals and conversion of bits intosymbols. The baseband control function includes coding/ciphering, packethandling, and frequency hopping.

Thus, the formed authentication-request source 100 andauthentication-request destination 110 synchronize high frequencysignals between themselves according to the requests of their respectivehosts and then establish a connection between themselves. Establishing aconnection between themselves is performed through an authenticationprocedure between the link managers 106 and 116, which are installed inthe authentication-request source 100 and the authentication-requestdestination 110, respectively.

FIG. 2 is a flowchart showing the operation in theauthentication-request source in performing an authentication methodaccording to the present invention, and FIG. 3 is a flowchart showingthe operation in the authentication-request destination in performing anauthentication method according to the present invention.

Referring to FIGS. 1 through 3, the authentication method according tothe present invention will now be explained.

First, the link manager 106 of the authentication-request source 100sends an authentication-request LMP message (LMP_au_rand) through theend portion 108 in step 202, and then the link manager 116 of theauthentication-request destination 110 receives theauthentication-request LMP message (LMP_au_rand) through the end portion118 in step 302.

In step 303, the link manager 116 calculates an authentication-responseto the received authentication-request LMP message (LMP_au_rand). Thatis, the authentication-response is calculated using random information,which is included in the received authentication-request LMP message(LMP_au_rand), and key information, which the link manager 116 holds. Instep 304, the link manager 116 sends an authentication-response LMPmessage (LMP_sres), which is formed from the calculatedauthentication-response, to the authentication-request source 100through the end portion 118.

Then, the link manager of the authentication-request source 100 receivesthe authentication-response LMP message (LMP_sres) through the endportion 108 in step 204. In step 206, the link manager 106 checkswhether the received authentication-response LMP message (LMP_sres) isvalid. Checking is performed using random information, which is includedin the authentication-request LMP message sent in the step 202, and keyinformation, which the link manager 106 holds. That is, the link manager106 can compare the result of the calculation, using key information,which the link manager 106 has, and random information, which isincluded in the authentication-request LMP message (LMP_au_rand), withthe authentication-response information included in the receivedauthentication-response LMP message (LMP_sres) so as to determinewhether the currently received authentication-response LMP message(LMP_sres) is valid. At this time, the link manager 106 has the same keyinformation as the link manager 116.

When the result of checking in the step 206 indicates that the currentlyreceived authentication-response LMP message (LMP_sres) is not valid,the link manager 106 determines that the corresponding authenticationprocedure has failed, and a process for failed authentication isperformed in step 208. For example, a notice that the correspondingauthentication procedure has been failed can be sent to thecorresponding host (not in drawings) and the authentication-requestdestination 110. Then, the corresponding authentication procedure isfinished in step 210.

However, when the result of checking in the step 206 indicates that thereceived authentication-response LMP message (LMP_sres) is valid, thelink manager 106 checks whether the current stage for establishing aconnection is a pairing process in step 212. This is determined bywhether information on the link key is stored in the memory 105installed in the link manager 106. That is, when information on the linkkey is not stored in the memory 105, it is determined that the currentstage for establishing a connection is a pairing process.

When the result of checking in step 212 indicates that the current stagefor establishing a connection is a pairing process, the key used in thestep 206 is the initialize-key information. Therefore, a link key whichwill be used between the link managers 106 and 116 must be generated.The link key is used to authenticate a link to be formed between thelink managers 106 and 116 as a result of establishing a connection.

Therefore, when the current stage for establishing a connection is apairing process, the link manager 106 sends an LMP message (LMP_comb_keyor LMP_unit_key) for generating a link key to the authentication-requestdestination 110 through the end portion 108 and at the same time storesthe LMP message in step 214. LMP_comb_key is an LMP message, which issent when a link key is generated using the result of the combined keyinformation of the link managers 106 and 116, and when there is amessage requesting generation of a combination key. LMP_unit_key is anLMP message, which is sent when a link key is generated using only keyinformation that the link manager 106 holds, and when there is a messagerequesting generation of a unit key.

When an LMP message for generating a link key is sent in the step 214,the link manager 116 checks the authentication condition of the linkmanager 116 in step 308. The authentication condition of the linkmanager 116 is information which enables determination of whether amutual authentication procedure must be considered. In the presentembodiment, Authentication_Enable information is used for that. Forexample, when the Authentication_Enable information of the link manager116 is set to ‘0x00’, the link manager 116 determines that the mutualauthentication need not be considered. Meanwhile, when theAuthentication_Enable information is set to ‘0x01’, the link manager 116determines that the mutual authentication needs to be considered.

When the result of checking in the step 308 indicates that the mutualauthentication need not be considered, then the currently received LMPmessage is for generating a link, and therefore the link manager 116sends an LMP message (LMP_comb_key or LMP_unit_key), which is a responsemessage for generating a link key, to the authentication-request source100 through the end portion 118 in step 309. At this time, when link keyinformation is generated using the result of the combined keyinformation of the link managers 106 and 116 regardless of the LMPmessage in the step 214, the LMP message that is sent is a messagerequesting generation of a combination key (LMP_comb_key). When the linkkey information is generated using key information, which the linkmanager 116 holds, the LMP message that is sent is a message requestinggeneration of a unit key (LMP_unit_key).

Then, the link manager 116 generates a link key in step 310. When bothLMP messages that are sent and received in order to establish a link keybetween the link managers 106 and 116 are messages requesting generationof a combination key (LMP_comb_key), the link manager 116 generates alink key based on the combined result. However, when the link manager106 sends a message requesting generation of a combination key(LMP_comb_key) but the link manager 116 sends a message requestinggeneration of a unit key (LMP_unit_key), the link manager 116 generatesa link key based on key information of the link manager 116. When bothLMP messages that are sent and received between the link managers 106and 116 are messages requesting generation of a unit key (LMP_unit_key),the link manager 116 generates a link key based on the key informationof the link manager 106. When a link key is generated, theauthentication procedure in the pairing process is finished in step 314.

However, when the result of checking in the step 308 indicates that themutual authentication needs to be considered, the link manager 116stores the LMP message, which was received for generating a link key, inthe memory 115 in step 316. Then, in step 318, the link manager 116sends an authentication-request LMP message (LMP_au_rand) to theauthentication-request source 100 through the end portion 118.

Meanwhile, after the link manager 106 sends an LMP message forgenerating a link key in the step 214, when an LMP message from theother device, the authentication-request destination 110, is received instep 216, the link manager 106 checks the received LMP message in step218. That is, the link manager 106 determines whether the received LMPmessage is a message for generating a link key (LMP_comb_key orLMP_unit_key) or an authentication-request LMP message (LM_au_rand).Checking is performed using identification information (op code) loadedin the payload of the received message. That is, with the identificationinformation, the link manager determines whether the currently receivedLMP message is an LMP message for generating a link key or anauthentication-request LMP message.

When the result of checking in the step 218 indicates that the currentlyreceived LMP message is an LMP message for generating a link key(LMP_comb_key or LMP_unit_key), the link manager 106 generates acorresponding link key in step 220. At this time, when the LMP message,which was sent and received between the link managers 106 and 116 togenerate a link key, is a message requesting generation of a combinationkey (LMP_comb_key), the link manager 106 generates a link key based onthe combined result. However, when the link manager 106 has sent amessage requesting generation of a combination key (LMP_comb_key) butthe link manager 116 has sent a message requesting generation of a unitkey (LMP_unit_key), the link manager 106 generates a link key based onthe key information of the link manager 116. When the LMP message thatwas sent and received between the link managers 106 and 116 is a messagerequesting generation of a unit key (LMP_unit_key), the link manager 106generates a link key based on the key information of the link manager106. Thus, when a link key is thus generated, the authenticationprocedure of the pairing process is finished in step 210.

However, when the result of checking in the step 218 indicates that thereceived LMP message is an authentication-request LMP message(LMP_au_rand), the link manager 106 sends an authentication-response LMPmessage to the authentication-request destination 110 through the endportion 108 in step 222.

Therefore, the link manager 116 of the authentication-requestdestination 110 receives the authentication-response LMP message(LMP_sres) in step 320. Then, the link manager 116 checks whether thereceived authentication-response message is valid in step 322. Checkingis performed in the same way as in the step 206. When the result ofchecking in the step 322 indicates that the receivedauthentication-response message is not valid, the link manager 116processes an authentication failure in step 324, and finishes theprocedure in step 314. Processing an authentication failure is performedin the same way as in the step 208.

However, when the result of checking in the step 322 determines that thereceived authentication-response LMP message is valid, the next step isgenerating a link key. The link manager 116 sends an LMP messageresponding to the LMP message for generating a link key stored in thememory 115 in step 325. Then, the link manager 116 generates a link keyin step 310 in the same way as in the step 326, and finishes the mutualauthentication procedure of the pairing process in step 314.

The link manager 106 of the authentication-request source receives anLMP message that is a response message for generating a link key in step224, and then, in step 225, checks whether the received LMP message is aresponse message corresponding to the message stored in the step 214.When the result of checking indicates that the received message is thecorresponding response message, the link manager 106 generates a linkkey in step 226 in the same way as in the step 220, and then finishesthe mutual authentication procedure of the pairing process in step 210.However, when the result of checking in the step 225 indicates that thereceived message is not the corresponding response message, the linkmanager 106 awaits the reception of the corresponding response message.

Meanwhile, when the result of the checking by the link manager 106 inthe step 212 indicates that the current stage for establishing aconnection is not a pairing process, the link manager 106 sends an LMPmessage of connection-establishment-completion (LMP_setup_complete) tothe authentication-request destination 110 and stores the LMP message inthe memory 105 in step 228.

Therefore, the link manager 116 receives the LMP message ofconnection-establishment-completion (LMP_setup_complete) in step 306,and checks the authentication condition of the link manager 116 in step308. When the result of checking indicates that the mutualauthentication is not needed, the link manager 116 sends an LMP messageof connection-establishment-completion (LMP_setup_complete), which is aresponse message to the received LMP message, to theauthentication-request source 100 in step 311. Then, the link manager116 finishes the authentication procedure and establishes acorresponding connection in step 312, and finishes the procedure forestablishing a connection in step 314.

However, when the result of checking in the step 308 indicates that themutual authentication is needed, the link manager 116 stores thereceived LMP message of connection-establishment-completion(LMP_setup_complete), received in the step 316, in the memory 115 instep 316. The link manager 116 sends an authentication-request LMPmessage (LMP_au_rand) to the authentication-request source 100 in step318.

The link manager 106 receives the LMP message from the other device, theauthentication-request destination 110, in step 230, and checks whetherthe received message is an authentication-request LMP message(LMP_au_rand) or an LMP message of connection-establishment-completion(LMP_setup_complete) in step 232. Checking is performed in the same wayas in the step 218.

When the result of checking in the step 232 indicates that the receivedmessage is an LMP message of connection-establishment-completion, thelink manager 106 finishes the authentication procedure in step 235, andestablishes a corresponding connection, and then finishes the procedurefor establishing a connection in step 210. However, when the result ofchecking in the step 232 indicates that the received message is anauthentication-request LMP message (LMP_au_rand), the link manager 106sends an authentication-response message to the authentication-requestdestination 110 in step 236.

The link manager 116 receives the authentication-response LMP message instep 320, and checks, as described above, whether the receivedauthentication-response LMP message is valid, in step 322. When theresult of checking in the step 322 indicates that the receivedauthentication-response LMP message is not valid, the link manager 116performs the step 324. However, if the received authentication-responseLMP message is valid, the link manager 116 sends an LMP message ofconnection-establishment-completion (LMP_setup_complete), which is aresponse message corresponding to the message ofconnection-establishment-completion stored in the memory 115, to theauthentication-request source 100 in step 327. Then, the link manager116 finishes the mutual authentication procedure in step 328, andestablishes a corresponding connection and finishes the procedure forestablishing a connection in step 314.

The link manager 106 receives the LMP message ofconnection-establishment-completion in step 238, and checks whether thereceived LMP message is the response message corresponding to the LMPstored in the memory in the step 228, in step 239. When the result ofchecking indicates that the received LMP message is the correspondingresponse message, the link manager 106 finishes the mutualauthentication procedure in step 240, and establishes a correspondingconnection and finishes the procedure for establishing a connection instep 210.

However, when the result of checking in the step 239 indicates that thereceived LMP message is not the corresponding response message, the linkmanager 106 awaits the reception of the corresponding response message.

FIG. 4A is a conceptual diagram of the authentication procedureperformed in the pairing process and shows a unilateral authenticationprocedure. Therefore, as shown in FIG. 4A, Authentication_Enable for thelink manager 106 of the authentication-request source 100 is set to‘0x01’, while Authentication_Enable for the link manager 116 of theauthentication-request destination 110 is set to ‘0x00’.

In a state in which Authentication_Enables are set as described, thelink manager 106 of the authentication-request source 100 sends anauthentication-request LMP message (LMP_au_rand) to the link manager 116of the authentication-request destination 110. Then, the link manager116 of the authentication-request destination 110 sends anauthentication-response LMP message (LMP_sres), which is a responsemessage to the authentication-request LMP message, to the link manager106 of the authentication-request source 100.

Then the link manager 106 of the authentication-request source 100 sendsan LMP message (LMP_comb_key or LMP_unit_key) for generating a link keyto the link manager 116 of the authentication-request destination 110and at the same time stores the LMP message in the memory 105. After thelink manager 116 of the authentication-request destination 110 receivesthe LMP message (LMP_comb_key or LMP_unit_key) for generating a linkkey, the link manager 116 of the authentication-request destination 110sends an LMP message (LMP_comb_key or LMP_unit_key) for generating alink key, which is a response message to the received LMP message, tothe link manager 106 of the authentication-request source 100, generatesa corresponding link key, and finishes the authentication procedure ofthe pairing process. When the link manager 106 of theauthentication-request source 100 receives the LMP message (LMP_comb_keyor LMP_unit_key) for generating a link key, the link manager 106 of theauthentication-request source 100 generates a corresponding link key,and finishes the authentication procedure of the pairing process.

FIG. 4B is a conceptual diagram of the authentication procedureperformed in the pairing process, and shows a mutual authenticationprocedure. Therefore, as shown in FIG. 4B, Authentication_Enables forboth the link manager 106 of the authentication-request source 100 andthe link manager 116 of the authentication-request destination 110 areset to “0x01”.

In a state in which authentication-enables are set as described, thelink manager 106 of the authentication-request source 100 sends anauthentication-request LMP message (LMP_au_rand) to the link manager 116of the authentication-request destination 110. Then, the link manager116 of the authentication-request 110 sends an authentication-responseLMP message (LMP_sres), which is a response message to the LMP message,to the link manager 106 of the authentication-request source 100.

Then the link manager 106 of the authentication-request source 100 sendsan LMP message (LMP_comb_key or LMP_unit_key) for generating a link keyto the link manager 116 of the authentication-request destination 110and at the same time stores the LMP message in the memory 105.

Since the Authentication_Enable of the link manager 116 of theauthentication-request destination 110 is set to a value which requiresa mutual authentication, the link manager 116 stores an LMP message(LMP_comb_key or LMP_unit_key) for generating a link key in the memory115 when the LMP message is received. Then, the link manager 116 sendsan authentication-request LMP message (LMP_au_rand) to the link manager106 of the authentication-request source 100.

When the link manager 106 of the authentication-request source 100receives an authentication-request LMP message (LMP_au_rand) from thelink manager 116 of the authentication-request destination 110 after thelink manager 106 of the authentication-request source 100 sent an LMPmessage for generating a link key, the link manager 106 of theauthentication-request source 100 sends an authentication-response LMPmessage (LMP_sres), which is a response message to the received LMPmessage, to the link manager 116 of the authentication-requestdestination 110.

After the link manager 116 of the authentication-request destination 110receives the authentication-response LMP message (LMP_sres), the linkmanager 116 sends the LMP message (LMP_comb_key or LMP_unit_key), whichis a response message corresponding to the LMP message for generating akey and has been stored in the memory 115, to the link manager 106 ofthe authentication-request source 100, and then generates acorresponding link key and finishes the mutual authentication procedureof the pairing process. The link manager 106 of theauthentication-request source 100 receives the response LMP messagecorresponding to the LMP message for generating the link key, generatesa corresponding link key and finishes the mutual authenticationprocedure of the pairing process.

FIG. 5A is a conceptual diagram of the authentication procedure forestablishing a connection after a link key is generated, and shows aunilateral authentication procedure. Therefore, as shown in FIG. 5A, theAuthentication_Enable of the link manager 106 of theauthentication-request source 100 is set to ‘0x01’, and theAuthentication_Enable of the link manager 116 of theauthentication-request destination 110 is set to ‘0x00’.

In a state in which Authentication_Enables are set as described, thelink manager 106 of the authentication-request source 100 sends anauthentication-request LMP message (LMP_au_rand) to the link manager 116of the authentication-request destination 110, and then the link manager116 of the authentication-request destination 110 sends anauthentication-response LMP message (LMP_sres), which is a responsemessage to the received LMP message, to the link manager 106 of theauthentication-request source 100.

Then, the link manager 106 of the authentication-request source 100sends an LMP message of connection-establishment-completion(LMP_setup_complete) to the link manager 116 of theauthentication-request destination 110, and at the same time stores theLMP message of connection-establishment-completion (LMP_setup_complete)in the memory 105. The link manager 116 of the authentication-requestdestination 110 receives the LMP message ofconnection-establishment-completion, and then sends an LMP message(LMP_setup_complete), responding to the received LMP message, to thelink manager 106 of the authentication-request source 100. At the sametime the link manager 116 finishes the authentication procedure andestablishes a corresponding connection. The link manager 106 of theauthentication-request source 100 receives the response LMP message(LMP_setup_complete) and then finishes the authentication procedure andestablishes a corresponding connection.

FIG. 5B is a conceptual diagram of the authentication procedure forestablishing a connection after a link key is generated, and shows amutual authentication procedure. Therefore, as shown in FIG. 5B, theAuthentication_Enables of both the link manager 106 of theauthentication-request source 100 and the link manager 116 of theauthentication-request destination 110 are set to ‘0x01’.

In a state in which Authentication_Enables are set as described,

the link manager 106 of the authentication-request source 100 sends anauthentication-request LMP message (LMP_au_rand) to the link manager 116of the authentication-request destination 110, and then the link manager116 of the authentication-request destination 110 sends anauthentication-response LMP message (LMP_sres), which is a responsemessage to the received LMP message, to the link manager 106 of theauthentication-request source 100.

Then, the link manager 106 of the authentication-request source 100sends an LMP message of connection-establishment-completion(LMP_setup_complete) to the link manager 116 of theauthentication-request destination 110, and at the same time stores theLMP message of connection-establishment-completion (LMP_setup_complete)in the memory 105. Since the Authentication_Enable of the link manager116 is set to a value which requires a mutual authentication, the linkmanager 116 of the authentication-request destination 110 stores an LMPmessage of connection-establishment-completion (LMP_setup_complete) inthe memory 115 when the LMP message is received. Then, the link manager116 sends an authentication-request LMP message (LMP_au_rand) to thelink manager 106 of the authentication-request source 100.

When the link manager 106 of the authentication-request source 100receives an authentication-request LMP message (LMP_au_rand) from thelink manager 116 of the authentication-request destination 110 after thelink manager 106 of the authentication source 100 had sent the LMPmessage of connection-establishment-completion (LMP_setup_complete), thelink manager 106 of the authentication-request source 100 sends anauthentication-response LMP message (LMP_sres), which is a responsemessage to the LMP message, to the link manager 116 of theauthentication-request destination 110.

After receiving the authentication-response LMP message (LMP_sres),

the link manager 116 of the authentication-request destination 110 sends

an LMP message (LMP_setup_complete), which is a response messagecorresponding to the LMP message of connection-establishment-completionthat is stored in the memory 115, to the link manager 106 of theauthentication-request source 100, and then finishes the mutualauthentication procedure and establishes a connection. The link manager106 of the authentication-request source 100 receives the LMP message(LMP_setup_complete), which is corresponding to the LMP message ofconnection-establishment-completion (LMP_setup_complete) that is storedin the memory 105, and then finishes the mutual authentication procedureand establishes a connection.

The authentication method for establishing a connection between the linkmanagers described above can be applied to a structure in which theauthentication-request source 100 and the authentication-requestdestination 110 are integrated in a single host (not in drawings).

As described above, the present invention provides a method forperforming an authentication procedure between transmitting andreceiving link managers according to the authentication condition of theauthentication-request destination when a connection is establishedbetween devices operating in a communication environment usingcommunication specifications such as Bluetooth, and, therefore, morereliably and precisely establishes connections in a communicationenvironment that operates based on communication specifications such asBluetooth.

1. An authentication method for establishing a connection betweendevices that can wirelessly communicate data, the method comprising thesteps of: (a) sending a response message corresponding to a firstauthentication-request message when the first authentication-requestmessage from another device that wants to establish a connection isreceived; (b) after performing the step (a) and prior to performing thestep (c), checking an authentication condition of the present devicewhen a predetermined message from the other device is received; (c)after performing the step (b), storing the predetermined message andsending a second authentication-request message to the other device whenthe result of checking indicates that a mutual authentication isrequired; and (d) after performing the step (c), sending a responsemessage corresponding to the message stored in the step (c) to the otherdevice when a response message from the other device corresponding tothe second authentication-request message is received, and finishing theauthentication procedure
 2. An authentication method for establishing aconnection between devices that can wirelessly communicate data, themethod comprising the steps of: (a) sending a firstauthentication-request message to another device to perform anauthentication procedure with the other device to which a connection iswanted; (b) sending a predetermined message according to a currentoperation mode to the other device and storing the predetermined messagewhen an authentication-response message to the firstauthentication-request message is received; (c) after performing thestep (b), checking whether a received first message is a responsemessage corresponding to the predetermined message when the firstmessage from the other device is received; (d) sending a responsemessage corresponding to a second authentication-request message to theother device when the result of checking in the step (c) indicates thatthe first message is the second authentication-request message; (e)after performing the step (d), checking whether a second message is aresponse message corresponding to the predetermined message when thesecond message from the other device is received; and (f) finishing theauthentication procedure when the result of checking in the step (e)indicates that the second message is a response message corresponding tothe predetermined message, wherein the step (b) further comprises thesub-steps of: (b1) checking whether the authentication-response messageis valid using key information and random information; and (b2)processing an authentication failure when the result of checking in thestep (b1) indicates that the authentication-response message is notvalid, wherein in the step (b1), the key information is held by thepresent device and the random information was used in sending the firstauthentication message, wherein in the step (b), when the currentoperation mode is a pairing process, a message for generating a link keyis sent as the predetermined message and stored, and when the currentoperation mode is not a pairing process, a message ofconnection-establishment-completion is sent as the predetermined messageand stored; and the step (g) further comprises the sub-steps of: (g1)generating a link key before finishing the authentication procedure whenthe current operation mode is a pairing process; and (g2) finishing theauthentication procedure and establishing a connection to the otherdevice when the current operation mode is not a pairing process, andwherein in the step (d), when the predetermined message received in thestep (b) is a message for generating a link key, the present devicesends a response message corresponding to the message for generating alink key to the other device, generates a link key, and then finishesthe authentication procedure; and when the predetermined messagereceived in the step (b) is a message ofconnection-establishment-completion, the present device sends a responsemessage corresponding to the message ofconnection-establishment-completion to the other device, finishes theauthentication procedure, and then establishes a connection to the otherdevice.
 3. An authentication method for establishing a connectionbetween devices that can wirelessly communicate data, the methodcomprising the steps of: (a) sending a first authentication-requestmessage to another device to perform an authentication procedure withthe other device to which a connection is wanted; (b) sending apredetermined message according to a current operation mode to the otherdevice and storing the predetermined message when anauthentication-response message to the first authentication-requestmessage is received; (c) after performing the step (b), checking whethera received first message is a response message corresponding to thepredetermined message when the first message from the other device isreceived; (d) sending a response message corresponding to a secondauthentication-request message to the other device when the result ofchecking in the step (c) indicates that the first message is the secondauthentication-request message; (e) after performing the step (d),checking whether a second message is a response message corresponding tothe predetermined message when the second message from the other deviceis received; and (f) finishing the authentication procedure when theresult of checking in the step (e) indicates that the second message isa response message corresponding to the predetermined message, whereinthe step (b) further comprises the sub-steps of: (b1) checking whetherthe authentication-response message is valid using key information andrandom information; and (b2) processing an authentication failure whenthe result of checking in the step (b1) indicates that theauthentication-response message is not valid, wherein in the step (b1),the key information is held by the present device and the randominformation was used in sending the first authentication message,wherein in the step (b), when the current operation mode is a pairingprocess, a message for generating a link key is sent as thepredetermined message and stored, and when the current operation mode isnot a pairing process, a message of connection-establishment-completionis sent as the predetermined message and stored; and the step (g)further comprises the sub-steps of: (g1) generating a link key beforefinishing the authentication procedure when the current operation modeis a pairing process; and (g2) finishing the authentication procedureand establishing a connection to the other device when the currentoperation mode is not a pairing process, and wherein the step (d)further comprises the sub-steps of: (d1) checking whether the responsemessage corresponding to the second authentication-request message isvalid when the response message corresponding to the secondauthentication-request message is received by using random informationand key information; and (d2) processing an authentication failure whenthe result of checking in the step (d1) indicates that the responsemessage is not valid.
 4. The authentication method of claim 3, whereinin the step (d1), the present device holds the key information and therandom information was used in sending the first authentication message.5. An authentication method for establishing a connection betweendevices that can wirelessly communicate data, the method comprising thesteps of: (a) sending a first authentication-request message to anotherdevice to perform an authentication procedure with the other device towhich a connection is wanted; (b) sending a predetermined messageaccording to a current operation mode to the other device and storingthe predetermined message when an authentication-response message to thefirst authentication-request message is received; (c) after performingthe step (b), checking whether a received first message is a responsemessage corresponding to the predetermined message when the firstmessage from the other device is received; (d) sending a responsemessage corresponding to a second authentication-request message to theother device when the result of checking in the step (c) indicates thatthe first message is the second authentication-request message; (e)after performing the step (d), checking whether a second message is aresponse message corresponding to the predetermined message when thesecond message from the other device is received; and (f) finishing theauthentication procedure when the result of checking in the step (e)indicates that the second message is a response message corresponding tothe predetermined message, wherein the step (b) further comprises thesub-steps of: (b1) checking whether the authentication-response messageis valid using key information and random information; and (b2)processing an authentication failure when the result of checking in thestep (b1) indicates that the authentication-response message is notvalid, wherein in the step (b1), the key information is held by thepresent device and the random information was used in sending the firstauthentication message, wherein in the step (b), when the currentoperation mode is a pairing process, a message for generating a link keyis sent as the predetermined message and stored, and when the currentoperation mode is not a pairing process, a message ofconnection-establishment-completion is sent as the predetermined messageand stored; and the step (g) further comprises the sub-steps of: (g1)generating a link key before finishing the authentication procedure whenthe current operation mode is a pairing process; and (g2) finishing theauthentication procedure and establishing a connection to the otherdevice when the current operation mode is not a pairing process, andwherein in the step (b) authentication enable information is checked asthe authentication condition.
 6. An authentication method forestablishing a connection between devices that can wirelesslycommunicate data, the method comprising: determining whether anauthentication procedure for establishing a connection between devicesthat want to communicate data is performed as a unilateralauthentication procedure or as a mutual authentication procedure,according to an authentication condition which enables receiving anauthentication request in the two devices that can communicate data; andperforming the authentication procedure.
 7. The authentication method ofclaim 4, wherein in performing the authentication procedure, when theauthentication condition of the device that receives the authenticationrequest is set to require the mutual authentication procedure, themutual authentication procedure is performed by sending anauthentication request message to the device that requests anauthentication.
 8. The authentication method of claim 4, wherein inperforming the authentication procedure, the authentication procedure isdetermined by checking authentication enable information of the devicethat receives the authentication request.